135a7af01ffb0005ffdbebd499d87d16890b5fd9
howto/vyos1.4.x.md
| ... | ... | @@ -4,7 +4,7 @@ VyOS is an open source software router. It is feature rich and supports multipl |
| 4 | 4 | It can be downloaded here <https://www.vyos.io/rolling-release/>. |
| 5 | 5 | |
| 6 | 6 | ## Firewall Baseline |
| 7 | -We will configure firewall access lists for inbound connections on our peer Wireguard interfaces as well as block all inbound connections to our router with the exception of BGP. This should be a good baseline firewall ruleset to filter inbound traffic on your network’s edge. Modifications may be needed depending on your specific goals. If your router has an uplink back to a larger internal network (outside of DN42), an outbound firewall ruleset will need to be applied to that interface. |
|
| 7 | +We will configure firewall access lists for inbound connections on our peer Wireguard interfaces as well as block all inbound connections to our router with the exception of BGP. This should be a good baseline firewall ruleset to filter inbound traffic on your network's edge. Modifications may be needed depending on your specific goals. If your router has an uplink back to a larger internal network (outside of DN42), an outbound firewall ruleset will need to be applied to that interface. |
|
| 8 | 8 | |
| 9 | 9 | By default, VyOS is a **stateless** firewall. To enable **stateful** packet inspection globally enter the following commands. |
| 10 | 10 | ``` |
| ... | ... | @@ -12,7 +12,7 @@ set firewall state-policy established action 'accept' |
| 12 | 12 | set firewall state-policy related action 'accept' |
| 13 | 13 | ``` |
| 14 | 14 | |
| 15 | -We also need to accept invalids on our network’s edge. However, this should not become common practice elsewhere. |
|
| 15 | +We also need to accept invalids on our network's edge. However, this should not become common practice elsewhere. |
|
| 16 | 16 | ``` |
| 17 | 17 | set firewall state-policy invalid action 'accept' |
| 18 | 18 | ``` |